[keycloak-user] .NET Core OIDC auth
Rafael Soares
rsoares at redhat.com
Tue Jul 26 01:27:28 EDT 2016
Hi!
After a while I managed to get this .NET sample project working (Log
in/out) with Keycloak!
I changed the .NET client code to use 'id_token' as the OIDC ResponseType.
See the line #42.
<https://github.com/rafaeltuelho/IdentityServer4.Samples/blob/dev/MVC%20and%20API/src/AspNetCoreAuthentication/Startup.cs#L42>
o/
On Tue, Jul 26, 2016 at 2:00 AM, Rafael Soares <rsoares at redhat.com> wrote:
>
> I'm trying to integrate an ASP .NET Core client web app with Keycloak
> using the .NET Core native OIDC Support.
>
> For this I'm using a sample project available in the IdentityServer Github
> repo [1]. IdentityServer is an OIDC Auth Server/Framework implementation
> for .NET platform.
>
> I forked that sample repo and changed the configuration to use the
> Keycloak OIDC endpoints.
> The code snippet changed to use keycloak endpoint is this one
> <https://github.com/rafaeltuelho/IdentityServer4.Samples/blob/dev/MVC%20and%20API/src/AspNetCoreAuthentication/Startup.cs#L37>.
>
>
> I was able to run this code on my RHEL 7 box using .NET Core for Linux
> [2]. In the KC side I just created a new realm and a client (see the
> dotnetcore.json realm config attached). The web app starts and the secured
> pages/resources redirects the user to the Keycloak endpoint, but after the
> user authenticates and KC responds the request the following error occurs
> on .NET client side:
>
> "OpenIdConnectProtocolInvalidCHashException: IDX10307: *The 'c_hash'
> claim was not found in the id_token*, but a 'code' was in the
> OpenIdConnectMessage, id_token:
> '{"alg":"RS256","typ":"JWT"}.{"jti":"cae47265-327e-4961-aeb2-6615713cc6f8","exp":1469508079,"nbf":0,"iat":1469507779,"iss":"
> http://localhost:8080/auth/realms/dotnetdemo","aud":"dotnetcore","sub":"b8a10870-3abd-487b-802e-e57307eafc14","typ":"ID","azp":"dotnetcore","nonce":"636051045638599850.NTdmY2FhNWQtYzNmYi00Zjg1LWFlZjItYmViYzBmZTgwMjYzZDMwMDdlYzYtMGJiMS00OWY1LTlhZTQtY2VjNWYyMzM2Yzhl","session_state":"b3010cce-24ac-426b-969a-cccefe41711f","name":"dot
> NET","preferred_username":"dotnetuser","given_name":"dot","family_name":"NET","email":"
> donetuser at localhost.com"}'"
>
> Searching for this message "*The 'c_hash' claim was not found in the
> id_token*" I found the issue *KEYCLOAK-3286* [3]. Does this error have
> something to do with the *KEYCLOAK-3286?*
>
> Does some one tried to integrate a .NET app with Keycloak using OIDC
> protocol?
>
> [1] https://github.com/IdentityServer/IdentityServer4.Samples
> [2] https://www.microsoft.com/net/core#redhat
> [3] https://issues.jboss.org/browse/KEYCLOAK-3286
>
> --
>
> ___
> Rafael T. C. Soares
>
>
--
___
Rafael T. C. Soares | Solution Architect
JBoss Enterprise Middleware | Red Hat Brazil
Mobile: +55 71 98181-3636
Phone: +55 11 3529-6096
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160726/78157546/attachment.html
More information about the keycloak-user
mailing list